Inbound calls to intelligent controlled-environment facility resident media and/or communications devices

ABSTRACT

Systems and methods for inbound calls to controlled-environment facility resident media and/or communications devices may receive, via the device, data associated with the resident operating the device. Authentication of the resident operating the device may be verified as associated with an address identifier of the device and it may be confirmed that an inbound calling non-resident is associated with the address identifier. A notification of the inbound call may then be sent to the device, and the same or other data associated with the resident operating the device may be received, via the device. Authentication of the resident operating the device as a resident as associated with an address identifier may be re-verified using the same or other data and the call connected as a result of the verification, confirmation and/or re-verification.

CROSS-REFERENCE TO RELATED APPLICATIONS

This is a continuation-in-part of, and claims benefit of, U.S. patentapplication Ser. No. 15/238,411, also entitled Inbound Calls toIntelligent Controlled-Environment Facility Resident Media and/orCommunications Devices, filed Aug. 16, 2016 and issued as U.S. Pat. No.9,742,910 on Aug. 22, 2017, and therethrough to U.S. patent applicationSer. No. 14/872,953, also entitled Inbound Calls to IntelligentControlled-Environment Facility Resident Media and/or CommunicationsDevices, filed Oct. 1, 2015 and issued as U.S. Pat. No. 9,420,094 onAug. 16, 2016, both of which are hereby incorporated herein byreference.

TECHNICAL FIELD

The present disclosure relates generally to controlled-environmentfacilities, more particularly to communications with residents ofcontrolled-environment facilities, and specifically to inbound phone andvideo calls to intelligent controlled-environment facility residentmedia and/or communications devices.

BACKGROUND

According to the International Centre for Prison Studies, the UnitedStates has the highest prison population per capita in the world. In2009, for example, 1 out of every 135 U.S. residents was incarcerated.Generally, inmates convicted of felony offenses serve long sentences inprison (e.g., federal or state prisons), whereas those convicted ofmisdemeanors receive shorter sentences to be served in jail (e.g.,county jail). In either case, while awaiting trial, a suspect or accusedmay remain incarcerated. During his or her incarceration, an inmate mayhave opportunities to communicate with the outside world.

By allowing prisoners to have some contact with friends and family whileincarcerated, the justice system aims to facilitate their transitionback into society upon release. Traditional forms of contact includetelephone calls, in-person visitation, conjugal visits, etc. Morerecently, technological advances have allowed jails and prisons toprovide other types of visitation, including individual-to-individualvideoconferences and online chat sessions.

Traditional communication services provide residents (inmates) ofcontrolled-environment facilities (such as correctional facilities) theability to place outbound phone calls to non-residents of thecontrolled-environment facility. Additionally, non-residents cantypically schedule video visitation with residents (inmates) of thecontrolled-environment facility. Other types of communication availableto controlled-environment residents include the ability to exchangeemail and canned text messages between residents and non-residents ofthe controlled-environment facility. Basically, all of these forms ofcommunication aim to facilitate communication between a resident of acontrolled-environment facility and a non-resident.

Additionally, over the past several years, the above-mentioned sharpincrease in the U.S. inmate population has not been followed by aproportional increase in the number of prison or jail staff. To thecontrary, budget pressures in local, state, and federal governments havemade it difficult for correctional facilities to maintain an adequatenumber of wardens, officers, and other administration personnel. Hence,many correctional facilities are often unable to perform investigationswith respect to their own inmates.

SUMMARY

The present invention is directed to systems and methods, which providehandling of inbound calls to resident (e.g. inmate) media and/orcommunications devices. Such a system may include an inbound residentcall server, an authenticating server, and/or the like. Theauthenticating server may be a part of the inbound resident call server,or the like, in some implementations.

The inbound resident call server may be adapted to host inbound callingaccounts established by non-residents and receive inbound calls fromsuch non-residents. The inbound calls may be routed to theauthenticating server by the inbound resident call server. Theauthenticating server may be adapted to authenticate that a non-residentis associated with an inbound calling account and confirm that theinbound calling account is associated with an address identifier of theresident media and/or communications device the non-resident is calling.The authenticating server may also receive, via the called residentmedia and/or communications device, a personal identification numberassociated with the resident the inbound call is directed to and mayverify that the personal identification number is associated with theaddress identifier of the resident media and/or communications device.The inbound resident call server may also confirm that the residentmedia and/or communications device is active and connect the inboundresident call system with the resident media and/or communicationsdevice in response to confirming that the resident media and/orcommunications device is active, or alternatively, inform thenon-resident the resident is not available for the inbound call inresponse to failure to confirm that the resident media and/orcommunications device is active. Thereupon, the inbound resident callserver may connect the non-resident inbound call with the resident mediaand/or communications device, as a result of the authenticating serverauthenticating that the non-resident is associated with the inboundcalling account, confirming that the inbound calling account isassociated with an address identifier of the resident media and/orcommunications device and verifying that the personal identificationnumber is associated with the address identifier of the resident mediaand/or communications device.

In some implementations, the inbound call from the non-resident may bedirected to the resident media and/or communications device and theinbound resident call server may, in such cases intercept the inboundcall. Additionally, or alternatively, the inbound resident call server,or the like may host a central phone number for calls directed toresident media and/or communications devices, and in suchimplementations, inbound calls from non-residents may be directed to thecentral phone number and the inbound resident call server may acceptrequests from non-residents for calls into residents and/or morespecifically into a particular resident's media and/or communicationsdevice.

Various other features provided in accordance with assortedimplementations of the present systems and methods may include thefollowing. A flat fee or time-based fee may be charged for the inboundcall and/or a subscription fee may (periodically) be charged followingestablishment of the inbound calling account for the non-resident, suchas from an inbound calling account of the non-resident. The inbound callmay be monitored, such as for impermissible activity, keywords, or thelike. The inbound call may also be tracked and/or recorded, andresulting recordings may be stored (and tracked). Also, a determinationmay be made as to whether the non-resident is on a personal allowednumber list and/or a pre-approved contact list associated with theresident and/or the called media and/or communications device.

In accordance with various aspects the present systems and methodsmultilayer authentication processing of inbound calls to resident mediaand/or communications devices may include receiving, via such a residentmedia and/or communications device, data for verifying authentication ofa resident operating the device, prior to any incoming call. In suchcases, authentication of the resident operating the resident mediaand/or communications device may also be verified as associated with anaddress identifier of the device. Again, an inbound calling non-residentmay be confirmed as associated with the address identifier of theresident media and/or communications device. Whereupon a notificationmay be sent to the resident media and/or communications device of a callto the resident operating the device. However, in accordance withmultilayer authentication, the same or other data for verifyingauthentication of a resident operating the resident media and/orcommunications device is received, via the device, after receipt of thenotification. Whereupon, authentication of the resident operating theresident media and/or communications device as associated with theaddress identifier of the device may be re-verified, using the datareceived after receipt of the notification. Consistent with suchmultilayer authentication, the non-resident inbound call may beconnected with the device as a result of authenticating that thenon-resident is associated with the address identifier of the device andverifying and re-verifying authentication of the resident operating thedevice as associated with the address identifier of the device.

Similar to other aspects of the present systems and methods, the datafor verifying authentication of a resident operating the resident mediaand/or communications device may be received by an authenticatingserver. In such case, the authenticating server may verify theauthentication of the resident operating the device as associated withthe address identifier of the resident media and/or communicationsdevice, using the data. The authenticating server may also confirm thatthe inbound calling non-resident is associated with the addressidentifier of the resident device. Consistent with multilayerauthentication, the authenticating server may also receive the same orother data for verifying authentication of a resident operating thedevice, after the notification, and the authenticating server mayre-verify authentication of the resident operating the device asassociated with the address identifier of the device, using this data.

In various embodiments, one or more of the techniques described hereinmay be performed by one or more computer systems. In other variousembodiments, a tangible computer-readable storage medium may haveprogram instructions stored thereon that, upon execution by one or morecomputer systems, cause the one or more computer systems to execute oneor more operations disclosed herein. In yet other various embodiments,one or more systems may each include at least one processor and memorycoupled to the processor(s), wherein the memory is configured to storeprogram instructions executable by the processor(s) to cause thesystem(s) to execute one or more operations disclosed herein.

The foregoing has outlined rather broadly the features and technicaladvantages of the present invention in order that the detaileddescription of the invention that follows may be better understood.Additional features and advantages of the invention will be describedhereinafter which form the subject of the claims of the invention. Itshould be appreciated that the conception and specific embodimentdisclosed may be readily utilized as a basis for modifying or designingother structures for carrying out the same purposes of the presentinvention. It should also be realized that such equivalent constructionsdo not depart from the invention as set forth in the appended claims.The novel features which are believed to be characteristic of theinvention, both as to its organization and method of operation, togetherwith further objects and advantages will be better understood from thefollowing description when considered in connection with theaccompanying figures. It is to be expressly understood, however, thateach of the figures is provided for the purpose of illustration anddescription only and is not intended as a definition of the limits ofthe present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

Having thus described the invention in general terms, reference will nowbe made to the accompanying drawings, which are not necessarily drawn toscale, and wherein:

FIG. 1 is a diagrammatic illustration of an example communicationsenvironment, wherein an example of embodiments of the present systemsand methods for inbound calls to intelligent controlled-environmentfacility resident media and/or communications devices may be practiced,according to some embodiments;

FIG. 2 is a flowchart of an example process for inbound calling tointelligent controlled-environment facility resident media and/orcommunications devices, in accordance with some embodiments;

FIG. 3 is a flowchart of another implementation of an example processfor inbound calling to intelligent controlled-environment facilityresident media and/or communications devices, in accordance with someembodiments;

FIG. 4 is a flowchart of yet another example implementation of a processfor inbound calling to intelligent controlled-environment facilityresident media and/or communications devices, in accordance with someembodiments; and

FIG. 5 is a block diagram of a computer system, device, station, orterminal configured to implement various techniques disclosed herein,according to some embodiments.

While this specification provides several embodiments and illustrativedrawings, a person of ordinary skill in the art will recognize that thepresent specification is not limited only to the embodiments or drawingsdescribed. It should be understood that the drawings and detaileddescription are not intended to limit the specification to theparticular form disclosed, but, on the contrary, the intention is tocover all modifications, equivalents and alternatives falling within thespirit and scope of the claims. As used herein, the word “may” is meantto convey a permissive sense (i.e., meaning “having the potential to”),rather than a mandatory sense (i.e., meaning “must”). Similarly, thewords “include,” “including,” and “includes” mean “including, but notlimited to.”

DETAILED DESCRIPTION

The invention now will be described more fully hereinafter withreference to the accompanying drawings. This invention may, however, beembodied in many different forms and should not be construed as limitedto the embodiments set forth herein. Rather, these embodiments areprovided so that this disclosure will be thorough and complete, and willfully convey the scope of the invention to those skilled in the art. Oneskilled in the art may be able to use the various embodiments of theinvention.

For example, various types of controlled-environment facilities arepresent in today's society, and persons may be voluntary or involuntaryresidents of such facilities, whether temporarily or permanently.Examples of controlled-environment facilities may include correctionalinstitutions (e.g., municipal jails, county jails, state prisons,federal prisons, military stockades, juvenile facilities, detentioncamps, home incarceration environments, etc.), healthcare facilities(e.g., hospitals, nursing homes, mental health facilities,rehabilitation facilities, such as drug and alcohol rehabilitationfacilities, etc.), restricted living quarters (e.g., hotels, resorts,camps, dormitories, barracks, etc.), and the like. For convenience ofexplanation, various examples discussed herein are presented in thecontext of correctional facilities, or the like. For instance, in someof the embodiments discussed below, a controlled-environment facilitymay be referred to as a correctional facility, jail or prison, and itsresidents may be referred to as inmates, arrestees, or detainees. Itshould be understood, however, that the systems and methods describedherein may be similarly applicable to other types ofcontrolled-environment facilities and their respective residents (e.g.,a hospital and its patients, a school dormitory and its students, etc.).

The present systems and methods relate generally tocontrolled-environment facilities, more particularly to communicationswith residents of controlled-environment facilities, and specifically toinbound phone and video calls to intelligent controlled-environmentfacility resident media and/or communications devices. Embodiments ofthe present systems and methods for processing inbound calls to residentmedia and/or communications devices may employ an inbound resident callserver configured to host inbound calling accounts established bynon-residents, receive inbound calls from the non-residents, route theinbound calls to an authenticating server, confirm that the residentdevice is active, and connect the inbound resident call system with theresident device if active or inform the non-resident the resident is notavailable. The inbound resident call server also connects thenon-resident inbound call with the resident device if the non-residentis associated with the inbound calling account, the inbound callingaccount is associated with an address identifier of the resident deviceand a personal identification number provided by the called resident isassociated with the address identifier of the resident device, all ofwhich may be authenticated by the authenticating server.

Controlled-environment facility calls have traditionally been outgoingonly, such as prepaid calls, collect calls or calls made by residentspaid for using a trust account maintained to the benefit of theresident. Inbound calls to residents have here-to-fore not been allowedor have been impractical. For example, inbound calls to a correctionalfacility wall-mounted, table top, roll around, or similar phone ininmate housing areas (i.e. the phones inmates have traditionally used toplace outbound calls, such as via an interactive voice response system(IVR)) cannot be properly directed to the intended inmate, since thephone may be answered by any inmate, who may not cooperate, or may notbe able to cooperate, to get the intended inmate on the phone. However,controlled-environment facility resident media and/or communicationsdevices, such as tablet computing devices, or the like, speciallyadapted and/or otherwise approved for use in the controlled-environmentfacility are capable of receiving inbound communications, such as via awireless network associated with the controlled-environment facility.

In accordance with embodiments of the present systems and methods, anon-resident can set-up inbound calling account, such as via a website,provide for payment, and place inbound calls to controlled-environmentfacility resident media and/or communications devices, such as residenttablets. Various embodiments of such systems and methods may accept aninbound call to an inbound controlled-environment facility residentmedia and/or communications device call server (or via a website). Wherethe inbound call is directed to a central number for calls directed tocontrolled-environment facility resident media and/or communicationsdevices, the method may further comprise accepting a request from thenon-resident for a call into the resident and/or thecontrolled-environment facility resident media and/or communicationsdevice. Various embodiments of the present systems and methods aredirected to allowing inbound calls to residents based on acontrolled-environment facility resident media and/or communicationsdevice Address Identifier (AID), residents name and, in some embodimentsa resident-associated identification number. This AID number may bemarried to the call request in such embodiments and the resident mayaccept a forwarded call by entering personal identification number (PIN)and/or verifying authentication, such as through voice recognition, keypad, touchpad, fingerprint, ocular-based recognition or other biometric,non-biometric, or other authentication methods. A PIN can be entered inany number of ways, which may incorporate biometric verification intothe entering of the PIN itself. For example, the PIN may be enteredusing a touchscreen, such that fingerprint recognition can be used toverify the typer's identity. Alternatively (or additionally) the PIN maybe spoken to be entered, and while speech recognition may be used torecognize the spoken numbers of the PIN, voice recognition may be usedon the spoken PIN to verify the speaker's identity. Further, an image ofthe user may be captured during such PIN entry and facial recognitionmay be used to (further) confirm the identity of the user, such as forcorrelation with the PIN. Security measures applied to inbound calls mayinclude similarly use of voice recognition (during the call) to ensurethe tablet is not handed off to another resident (or monitoring to seewho the tablet is handed off to). Voice mail, and other call featuresmay also be employed in conjunction with various embodiments of thepresent systems and methods.

FIG. 1 is a diagrammatic illustration of an example communicationsenvironment, wherein example embodiments of the present systems andmethods for inbound phone or video calls to intelligentcontrolled-environment facility resident media and/or communicationsdevices may be practiced, according to some embodiments. As shown,communication processing system 101 may provide telephone services,videoconferencing, online chat, and other communication services to acontrolled-environment facility. For example, in some cases,communication system 101 may be co-located with a controlled-environmentfacility. Alternatively, communication system 101 may be centrally orremotely located with respect to one or more controlled-environmentfacilities and/or may provide communication services to multiplecontrolled-environment facilities. More generally, however, it should benoted that communication system 101 may assume a variety of forms, andmay be configured to serve a variety of facilities and/or users, whetherwithin or outside of a controlled-environment facility.

In the context of a correctional facility, for instance, inmates may usetelephones 102 to access certain communication services. In somefacilities, inmates may also use a personal computer wireless device(104), referred to herein as a(n) (intelligent) controlled-environmentfacility resident media and/or communications device, an inmate mediaand/or communications device, or the like, to access such services. Forexample, an inmate may initiate telephone services by lifting thereceiver on telephone 102 or launching a communications applicationprogram (app) on inmate media and/or communications device 104, at whichtime the inmate may be prompted to provide PIN, other identifyinginformation, or biometrics. An interactive voice response (IVR) unit(not shown) may generate and play a prompt, send a text or othermessages to inmates on devices 102 and/or 104.

Under the control of communication processing system 101, devices 102and 104 may be capable of connecting to a non-resident's (i.e., a personnot committed to a controlled-environment facility) device 105 ortelephone 106 across a publicly switched telephone network (PSTN) 107.For example, device 105 may be a mobile phone, whereas telephone 106 maybe located at a non-resident's home, inmate visitation center, etc.Switch 108 in communication processing system 101 may be used to connectcalls across PSTN 107. Additionally or alternatively, the non-residentmay be at telephone 109 or device 112, which is on an IntegratedServices Digital Network (ISDN), Voice-over-IP (VoIP), or packet datanetwork 110, such as, for example the Internet. Router 111 ofcommunication system 101 is used to route data packets associated with acall connection to destination telephone 109 or device 112.

Video visitation devices 103 may have video conferencing capabilities toenable inmates to participate in video visitation sessions withnon-residents of the correctional facility via video call, secure onlinechat, etc. For example, a non-resident party may have a personal orlaptop computer 113 with camera 114 (or a cell phone, tablet computer,etc.). Additionally or alternatively, device 112 may have an integratedcamera and display (e.g., a smart phone, tablet, etc.). A networkconnection between the parties may be established and supported by anorganization or commercial service that provides computer services andsoftware for use in telecommunications and/or VOIP, such as SKYPE®.Additionally or alternatively, the correctional facility and/or thedestination may use videoconferencing equipment compatible with ITUH.323, H.320, H.264, and/or V.80, or other suitable standards. Generallyspeaking, each video visitation device 103 may be disposed in avisitation room, in a pod, cell, etc.

In some embodiments, video visitation devices 103 may be implemented asa computer-based system. For example, each of video visitation devices103 may include a display, camera, and handset. The display may be anysuitable electronic display such as, for example, a Liquid CrystalDisplay (LCD), a touchscreen display (e.g., resistive, capacitive,etc.), or the like, whereas the camera may be any suitable imagingdevice such as, for instance, a video camera or webcam equipped withCharge-Coupled Devices (CCDs), Complementary Metal-Oxide-Semiconductor(CMOS) active pixel sensors, etc. A handset may be similar to atraditional telephone handset including an earpiece portion (with aloudspeaker), a handle portion, and a mouthpiece portion (with amicrophone).

During a video visitation session, video visitation devices 103 may beconfigured to capture a video image of an inmate to be transmitted to anon-resident using the camera, and to display a video image of thenon-resident to the inmate using the display. Video visitation devices103 may also be configured to capture an audio signal from the inmate tobe transmitted to a non-resident using the mouthpiece portion of thehandset, and to provide an audio signal from the non-resident to theinmate using the earpiece portion of the handset. Additionally oralternatively, audio received from the non-resident may be reproducedvia a loudspeaker, and audio provided by the inmate may be captured viaa microphone. In some cases, video visitation devices 103 may assume theform of any computer, tablet computer, smart phone, etc., or any otherconsumer device or appliance with videoconferencing capabilities.

Intelligent controlled-environment facility resident media and/orcommunications devices 104 may be tablet computing devices, smartphones,media players, or the like adapted and/or approved for use by residentsof the controlled-environment facility (within thecontrolled-environment facility). Each intelligentcontrolled-environment facility resident media and/or communicationsdevice 104 may be particularly adapted for use in acontrolled-environment. For example, in a correctional institution,jail, or the like, such an intelligent controlled-environment facilityresident media and/or communications device, may have a speciallyadapted operating system and/or may be “stripped-down,” particularlyfrom the standpoint of what apps and/or hardware are provided or allowedon intelligent controlled-environment facility resident media and/orcommunications device 104, and/or connectivity afforded such a device.For example, such a device may employ an operating system kernel suchone based upon an open source platform such as the CyanogenMod-basedoperating system, which may be built for use in such a device in acontrolled-environment facility. As a further example, the intelligentcontrolled-environment facility resident media and/or communicationsdevice may be adapted to only connect to a network provided by thecontrolled-environment facility, and/or in only certain locations,within the controlled-environment facility, such as may be controlled byavailability of Wi-Fi access, or the like, only being available incertain areas. That is, for example, where streaming and/or downloadingmay be compartmentalized, leveraging the structure of thecontrolled-environment facility, for example, limiting the availabilityof a Wi-Fi signal, providing the stream through the placement ofwireless access points, antenna directionality of such wireless accesspoints, and/or the like. Further, the intelligent controlled-environmentfacility resident media and/or communications device may allow access toapps or content only upon application of security measures, by thedevice. Such security measures may include determining, by the device,DNS spoofing, DNS redirection, use of proxy servers for privacy andsecurity, biometric validation, password validation, and/or the like.Also, in accordance with embodiments of the present systems and methods,the intelligent controlled-environment facility resident media and/orcommunications device may have a few fixed apps pre-installed on thedevice, and installation of further apps on the device may be forbidden(i.e. prevented by modifications to the device's operating system, orthe like) and/or restricted, such as by requiring permission from afacility administrator, or the like. Apps provided on intelligentcontrolled-environment facility resident media and/or communicationsdevices might include apps of particular interest to residents of thecontrolled-environment facility. For example, such inmate media and/orcommunications devices provided to inmates of correctional facilities,might include apps that may be of particular use to an inmate, ingeneral, such as access to a legal research service, or of more specificinterest, such as providing an inmate nearing release, access toemployment searching apps or the like. Hence, such inmate media and/orcommunications devices may be used to help soon-to-be released inmatesto transition. For example, the inmate media and/or communicationsdevice may be used to communicate with a future employer, or the like.As such, inmate media and/or communications devices may be sponsored, orotherwise subsidized by organizations or companies, assisting with thetransition of inmates into society.

In addition to providing certain visitation and communicationoperations, communication processing system 101 may attempt to ensurethat an inmate's calls, video conferences, online chats, etc. areperformed only with non-residents whose identities, devices, emailaddresses, phone numbers, etc. are listed in that inmate's PersonalAllowed Number (PAN) or Pre-Approved Contact (PAC) list. Each inmate'sPAN or PAC list may be stored, for example, in database 115 maintainedby Administration and Management System (AMS) 116. In addition to PAN orPAC list(s), AMS 116 may also store inmate or resident profile data(RPD), as well as visitation rules applicable to each inmate.

As an example, in the context of a correctional facility, database 115may include information such as balances for inmate trust and callingaccounts; trial schedule; conviction data; criminal record; sentencingdata, such as time served, time remaining to be served, and releasedate; cell and cellmate assignments; inmate restrictions and warnings;commissary order history; telephone call history; video and/or audiocommunication recordings; known or suspected gang or criminalaffiliations; known or suspected affiliates, accomplices, or gangmembers; and any other information that may be relevant or useful tocorrectional facility staff to house and maintain inmates.

In some implementations, communication system 101 may be configured toperform call and/or video visitation monitoring operations configured tomonitor and or record calls and/or video visitations (e.g., aselectronic audio or video files). Such monitoring may be carried out todetect impermissible activity, such as attempts to initiate three-waycalls, and/or for investigative purposes, such as detection of keywordsrelated to criminal activity or the like. In scenarios wherecommunication system 101 is located within the controlled-environmentfacility, it may have direct access to AMS 116. In other embodiments,however, communication system 101 may be located remotely with respectto the controlled-environment facility, and access to AMS 116 may beobtained via a computer network such as, for example, network 110.

In many controlled-environment facilities, inmates are restricted fromcommunicating with persons outside of the controlled-environmentfacility using any device other than the system described in FIG. 1.Reasons for this include protection of persons outside of thecontrolled-environment facility from offensive, inappropriate, orillegal contact with an inmate. Additionally, these restrictions mayhelp to prevent inmates from directing further illegal activity withconspirators located outside of the controlled-environment facility,witness tampering, victim protection etc. Administrators of thecontrolled-environment facility may wish to limit the inmate's contactto parties on the inmate's PAN or PAC list.

In the illustrated environment inbound phone or video call processingsystem 130 may process inbound calls to intelligentcontrolled-environment facility resident media and/or communicationsdevices 104. Inbound call processing system 130, may include inboundresident call server 132, which may include at least one processor andmemory coupled to the processor(s), wherein the memory is configured tostore program instructions executable by the processor(s) to cause thesystem(s) to execute one or more operations. For example, inbound callprocessing server 132 may be configured to host inbound calling accounts134 established by non-residents of a controlled-environment facility.Inbound call processing server 132 may also be configured to receiveinbound calls from the non-residents, such as calls from non-residentdevices 105, 106, 109, 112 or 113, and to route such inbound calls toauthenticating server 136, which may, as mentioned above be integratedinto inbound call processing server 132 in whole or part, such as amodule, functionality, or the like thereof, or separate therefrom.Likewise, inbound call processing server 132, and hence authenticatingserver 136 may, in some embodiments be integrated intocontrolled-environment facility communications processing system 101,such as a module, functionality, or the like thereof, therebyintegrating inbound calling system 130 into controlled-environmentfacility communications processing system 101.

The inbound call from the non-resident may be intended by thenon-resident to be directed to the controlled-environment facilityresident media and/or communications device (104) of the resident thenon-resident wishes to call. In such cases, inbound call processingserver 132 may intercept the inbound call. Additionally oralternatively, inbound resident call server 132 may host a central phonenumber, such as a toll-free number, for calls directed tocontrolled-environment facility resident media and/or communicationsdevices 104. In such embodiments, an inbound call from a non-residentdevice (105, 106, 109, 112 or 113) may be directed to the central phonenumber and inbound resident call server 132 may correspondingly beconfigured to accept requests from non-residents for calls intoresidents via their controlled-environment facility resident mediaand/or communications device (104).

Inbound call processing server 132 may also be configured to confirmthat the controlled-environment facility resident media and/orcommunications device (104) being called is active (i.e. available andreachable to receive the inbound call, etc.) or inactive (i.e. thecalled controlled-environment facility resident media and/orcommunications device is not active or not available, busy, etc.). Ifthe called controlled-environment facility resident media and/orcommunications device is active, inbound call processing server 132 mayconnect with the controlled-environment facility resident media and/orcommunications device (104), but if the controlled-environment facilityresident media and/or communications device is not active inbound callprocessing server 132 may inform the non-resident that the resident isnot available for the inbound call.

Inbound call processing system 130, may as also indicated, includeauthenticating server 136, which may also make use of at least oneprocessor and memory coupled to the processor(s), wherein the memory isconfigured to store program instructions executable by the processor(s)to cause the server(s) to execute one or more operations. For example,authenticating server 136 may be configured to authenticate that anon-resident is associated with an inbound calling account (134) andconfirm that the inbound calling account is associated with an AddressIdentifier (AID) number of the controlled-environment facility residentmedia and/or communications device (104) the non-resident has indicated(i.e. the device the non-resident has called or the device of theresident the non-resident has requested). This unique AID may be tied toa resident name and number and a Media Access Control (MAC) address ofthe subject controlled-environment facility resident media and/orcommunications device (104). The MAC address and AID are HardcodedAddresses (HCAs), which may also include a processor number, or the likefor uniquely identifying the subject controlled-environment facilityresident media and/or communications device (104). Further,authenticating server 136 may receive, via the controlled-environmentfacility resident media and/or communications device, a PIN entered bythe resident and which should be associated with the resident theinbound call is directed to. The PIN can be entered in any number ofways via device 104. For example, the PIN may be spoken and enteredusing speech recognition and/or it may be entered using a touch screenkeypad, or the like. Further, entry of the PIN may incorporate biometricverification into the entering of the PIN itself. For example, if thePIN is entered using the device's touchscreen, fingerprint recognitioncan be used to verify the typer's identity. Alternatively oradditionally, if the PIN is spoken for entry, voice recognition may beused to verify the speaker's identity, while speech recognition may beused to recognize the spoken numbers of the PIN themselves. Further, acamera of controlled-environment facility resident media and/orcommunications device 104 may be used during spoken or typed PIN entryto capture an image of the party entering the PIN, and the image may beused for facial recognition of the device user to (further) confirm theidentity of the user, which may be used for (further) correlation withthe PIN. Regardless, authenticating server 136 may verify that the PIN(and verified user) is associated with the AID number of thecontrolled-environment facility resident media and/or communicationsdevice.

Inbound call processing server 132 may connect the non-resident inboundcall with the target controlled-environment facility resident mediaand/or communications device (104). In one example, proceeding with sucha connection may result from, as discussed above, server 136authenticating that the non-resident is associated with the inboundcalling account (134), confirming that the inbound calling account isassociated with an AID number of the controlled-environment facilityresident media and/or communications device (104) and/or verifying thatthe PIN is associated with the AID number of the controlled-environmentfacility resident media and/or communications device (104).

FIG. 2 is a flowchart of example process 200 for inbound phone or videocalling to intelligent controlled-environment facility resident (e.g.inmate) media and/or communications devices, in accordance with someembodiments. Therein, a method for processing inbound calls tointelligent controlled-environment facility resident media and/orcommunications devices is illustrated. At 202 an inbound calling account(134) in accordance with a controlled-environment facilitycommunications system/network arrangement is established for anon-resident (e.g. non-inmate friend, family member, etc.) of thecontrolled-environment facility (e.g. correctional facility). At 204 aninbound call from the non-resident is received into an inbound residentcall system (130). This inbound call from the non-resident may beinitially be directed directly to the resident, i.e. to thecontrolled-environment facility resident media and/or communicationsdevice (104), and may be (intercepted and) redirected to initially bereceived in the inbound resident call system (130) for processing inaccordance herewith. However, the inbound call from the non-resident maybe directed to a central phone number, such as a toll-free number or thelike, for calls directed to controlled-environment facility residentmedia and/or communications devices (104). In such a case, variousmethod implementations may call for acceptance of a request at 206 fromthe non-resident for a call into the resident and/or resident'scontrolled-environment facility resident media and/or communicationsdevice (104).

At 208 the inbound call may be routed to an authenticating server (136).This authenticating server may, as noted above, be separate from, orintegrated into or with an inbound resident call server (132), which inturn, may a or may not be a part of the controlled-environment facilitycommunications processing system (101). At 210 the non-resident isauthenticated, such as by the authenticating server (136), as associatedwith the inbound calling account (134) being accessed. Theauthenticating server (136), or the like, may then confirm at 212 thatthe inbound calling account is associated with an AID number of thecontrolled-environment facility resident media and/or communicationsdevice (104) being called. Various implementations of the presentsystems and methods may also confirm that the called resident (e.g. theresident associated with the controlled-environment facility residentmedia and/or communications device to which the inbound call isdirected) is allowed to communicate with the calling non-resident at214, such as by determining if the non-resident is on a PAN and/or PAClist associated with the resident.

The inbound resident call system (130) may confirm that thecontrolled-environment facility resident media and/or communicationsdevice (104) is active, at 216. If the controlled-environment facilityresident media and/or communications device (104) is found to be activeat 216, the inbound resident call system may connect with thecontrolled-environment facility resident media and/or communicationsdevice at 218. However, in response to a failure at 216 to confirm thatthe controlled-environment facility resident media and/or communicationsdevice (104) is active (i.e. the called controlled-environment facilityresident media and/or communications device is not active or notavailable, busy, etc.) the inbound resident call system (130), or thelike, may inform the non-resident, at 220, that the resident is notavailable for the inbound call. At 222 the authenticating server (136),or the like receives a PIN associated with a resident the inbound callis directed to. This personal identification number may be sent via thecontrolled-environment facility resident media and/or communicationsdevice (104) being called by the non-resident. This PIN may be verifiedat 224, such as by the authenticating server, as being associated withthe AID number of the controlled-environment facility resident mediaand/or communications device (104) being called (and providing the PIN).As noted this PIN may be entered in any number of ways. Additionally,such entry may, incorporate biometric verification into this entering ofthe PIN. For example, the PIN may be entered using a touchscreen of thecontrolled-environment facility resident media and/or communicationsdevice (104), such that fingerprint recognition can be used to verifythe device user's identity, which may be matched to the PIN.Alternatively or additionally, the PIN may be spoken into a microphoneof controlled-environment facility resident media and/or communicationsdevice (104) to be entered. In such entry, speech recognition may beused to recognize the spoken numbers of the PIN, while voice recognitionmay be used on the spoken PIN to verify the speaker's identity, whichmay be matched to the PIN digits. Moreover, the camera of thecontrolled-environment facility resident media and/or communicationsdevice may be used, such as while the PIN is typed or spoken to capturean image of the speaker/user for use in facial recognition of the deviceuser to (further) confirm the identity of the user for correlation withthe PIN.

At 226 the non-resident inbound call may be connected with thecontrolled-environment facility resident media and/or communicationsdevice (104), by the inbound resident call system (130), such as, as aresult of authenticating that the non-resident is associated with theinbound calling account (134) at 210, confirming that the inboundcalling account is associated with an AID number of thecontrolled-environment facility resident media and/or communicationsdevice at 212, confirming that the calling non-resident is allowed tocommunicate with the resident at 214 and/or verifying that the personalidentification number is associated with the AID number of thecontrolled-environment facility resident media and/or communicationsdevice at 224.

In accordance with various implementations of the present systems andmethods a flat fee, subscription fee, time-based fee or the like may becharged for the inbound call and decremented at 228 from the inboundcalling account (134) established at 202 and associated with thenon-resident. For example, a flat fee, per-minute fee, or the like, maybe charged for the inbound call. Additionally or alternatively, (a)subscription fees may be periodically (e.g. monthly) charged for inboundcalls by the non-resident to one or more residents, beginning, such as,when the non-resident's inbound calling account is established at 202.Such fees may be decremented from an account associated with thenon-resident, which may also be established at such time. Further, theconnected call may be monitored and/or recorded, such as forinvestigative purposes at 230. For example, such monitoring may becarried out for detection of impermissible activity such as attempts toinitiate three-way calls, and/or monitored for keywords of the like,such as for investigative purposes. Call recordings may be stored forlater review for similar investigative purposes. Additionally oralternatively the connected call may be tracked, such as throughcreation of a communication detail record (CDR) during and/or after thecall at 232.

FIG. 3 is a flowchart of another implementation of an example process(300) for inbound phone or video calling to intelligentcontrolled-environment facility resident media and/or communicationsdevices, in accordance with some embodiments. Therein, a non-resident(e.g. non-inmate), such as a friend or family member of acontrolled-environment facility resident (e.g. inmate), may, at 302access a website, such as may be hosted by the controlled-environmentfacility and/or an associated entity such as a communications providerfor the controlled-environment facility, or the like. At 304 adetermination may be made as to whether the non-resident is registeredto make inbound calls. If not, the non-resident may register at 306 tomake inbound calls, such as by selecting a facility, a resident andchoosing a call plan, establishing and funding an inbound callingaccount (134), and/or the like. The non-resident may then enter personaland/or identification information at 308. At 310 the non-resident mayselect the facility and resident that they wish to call and at 312 thenon-resident may click a webpage button to initiate the call.

Alternatively, or in situations where the non-resident has alreadyestablished an inbound calling account (134), the non-resident may calla central number, such as a toll-free number, at 314. The presentinbound calling system (130) may answer the call at 316 and at 318 IVRfunctionality associated with the inbound call processing system (130)may prompt the non-resident for their identification information. At 320the IVR may prompt the non-resident for information about the residentbeing called, such as identification information, to initiate the call.

Whether the inbound call is initiated via the website (steps 302 through312) or through a call placed into the system (steps 314 through 320)the inbound calling system verifies that the rules allow calls to theselected resident at 322, such as in the manner discussed above withrespect to PAN and PAC lists. At 324 a determination is made as towhether the resident's communication device is online (i.e. whether theresident is on his or her resident communication media device (104)). Ifit is determined at 324 that the resident is using his or her residentcommunication media device (104), the inbound calling system (130)directs the call to the resident's communication media tablet device(104) at 326. Thereupon, a phone application program (app) rings on theresident's tablet (104) at 328. At 330 the resident answers the call,and at 332 the inbound call system (130) verifies the resident'sidentity by requiring a PIN, and/or verifying authentication, such asthrough voice recognition, key pad, touchpad, fingerprint or otherbiometric, non-biometric, or other authentication methods. For example,the PIN may be entered by speaking it into the microphone of thecontrolled-environment facility resident media and/or communicationsdevice (104), by entering it on a keypad displayed on the touch screenof the device, and/or the like. This PIN entry process itself mayincorporate biometric verification. For example, when the PIN is enteredusing the touchscreen, fingerprint recognition can be used to verify theuser's identity. Alternatively or additionally, a spoken PIN may notonly be subjected to speech recognition to recognize the spoken numbersof the PIN, but also to voice recognition to verify the speaker'sidentity. Further, the camera of controlled-environment facilityresident media and/or communications device (104) may be used duringspoken or typed PIN entry as part of facial recognition of the deviceuser to (further) confirm the identity of the user for correlation withthe PIN.

A determination is made at 334, such as by the inbound calling system(130), as to whether recording is enabled for the call, such as may berequired for security reasons, investigative purposes, and/or the like,particularly with respect to the identity of the resident and/or thenon-resident. If it is determined at 334 that the call is to berecorded, the inbound calling system (130) starts recording the call at336. Additionally or alternative, the call may be monitored, such as at336 for impermissible activity such as attempts at three-way calling, orthe like, and/or for keywords, or the like for investigative purposes.Similarly, the recording may be stored for later review for suchinvestigative purposes. Regardless, at 338 the inbound calling system(130) joins the resident and non-resident for the call to take place.Once the call terminates at 340 a CDR may be generated at 342 foraccounting, security, investigative, and/or other purposes, and anyrecording of the call may be linked thereto.

In accordance with some embodiments of the present systems and methodsmultilayer authentication of a resident may be employed. FIG. 4 is aflowchart of yet another example implementation. Therein, process 400for inbound calling to intelligent controlled-environment facilityresident media and/or communications devices is illustrated, inaccordance with some embodiments. In accordance with embodiments ofprocess 400, a resident media and/or communications device, or the like,receives or captures data at 402, which may be used for verifyingauthentication of a resident operating the device. Receipt of this dataat 402 may include receipt of this data for verifying authentication ofa resident operating the resident media and/or communications device byan authenticating server. As noted, this data for verifyingauthentication of a resident may be, or may at least include, a PIN, apassword, or the like. Hence, acceptance of the data at 402 may includeentry of the PIN, or the like by the resident, via the resident device.At 404, authentication of identification of the resident operating theresident media and/or communications device may be verified, using thedata, in addition to verifying that the resident operating the device isassociated with an address identifier of the device. An authenticatingserver, or the like may verify the authentication of the residentoperating the device, and/or the authenticating server may verify thatthe resident operating the device is associated with the addressidentifier of the device, at 404, using the data.

At 406 it is confirmed that an inbound calling non-resident isassociated with the address identifier of the resident media and/orcommunications device, which may be carried out by the authenticationserver, an inbound resident call server, and/or (a) similar system(s) orfunctionality. Then, at 408 a notification is sent to the resident mediaand/or communications device of the call to the device.

After receipt of the notification from 408, the same or other data forverifying authentication of the resident operating the resident mediaand/or communications device is received or captured, at 410, via theresident media and/or communications device, for provision of theaforementioned multilayer authentication of the resident operating thedevice the call it is directed to. To this end, in certain embodiments,the authenticating server, or the like, may receive this same or otherdata for verifying authentication of a resident operating the residentdevice at 410. The data for re-verifying authentication of a residentmay also or alternatively include a PIN, or the like, which may beaccepted (at 410) by (re)entry of the PIN, or the like, via the residentdevice. Regardless, at 412, the authentication of the resident operatingthe resident media and/or communications device is re-verified using thedata received after receipt of the notification, which may generallyinclude re-verifying that the resident operating the device isassociated with the address identifier of the device. Again, theauthenticating server, or similar system or functionality may carry outthis re-verification of the authentication of the resident operating thedevice, including whether the resident is associated with the addressidentifier of the device, at 412.

As a result of confirming that the non-resident is associated with theaddress identifier of the resident media and/or communications device at406, as well as verifying and re-verifying authentication of theresident operating the device (including verifying and re-verifying thatthe resident operating the device is associated with the addressidentifier of the device) at 404 and 412, respectively, the non-residentinbound call is connected with the device at 414.

In embodiments employing a PIN, a password, or the like, as at least apart of the data used for verifying and/or re-verifying authenticationof the resident, process 400, or the like may include, verifying and/orre-verifying that the PIN, or the like is associated with a resident towhom the inbound call is directed. This verification and/orre-verification, may be carried out, as part of the verification at 404,the confirmation that the inbound calling non-resident is associatedwith the address identifier of the called resident media and/orcommunications device at 406, during the re-verification at 412, or thelike. This PIN-based verification and/or re-verification may be carriedout by the authentication server, the inbound resident call server,and/or a similar system or functionality.

Embodiments employing a PIN, or the like, as at least a part of the dataused for verifying and/or re-verifying authentication of the resident,process 400, or the like may further accept entry and/or reentry of aspoken PIN, or the like for receipt at 402 and/or for receipt at 410 forverification of authentication of the device user at 404 and/orre-verification at 412. Under such embodiments, entry and/or reentry ofa PIN may be accomplished by performing speech recognition on the spokenPIN. For example, the digits, or the like, spoken may be recognizedusing speech recognition, such as without necessarily using in voicerecognition to recognize the speaker.

Additionally or alternatively, in accordance with certain embodiments,the data for verifying and/or re-verifying authentication of a resident,received at 402 and/or 410 and used at 404 and/or 412, may be, or atleast include, biometric data. In accordance with such embodiments, thebiometric data may be captured and/or recaptured by the resident mediaand/or communications device, as a part of receipt of the identificationdata, at 402 and/or 410. For example, the biometric data may be thevoice of the resident operating the resident media and/or communicationsdevice, wherein verifying and/or re-verifying authentication of theresident operating the device, at 404 and/or 412 uses voice recognition.Therein, verification and/or re-verification of authentication of theresident operating the device may, additionally or alternatively, becarried out using voice recognition on the spoken digits, or the like,in addition to (or in lieu of) using speech recognition to identify thedigits spoken.

Under other biometric-based embodiments, the biometric data may be atleast one fingerprint of the resident operating the resident mediaand/or communications device. Thereunder, capturing and/or recapturingdata related to at least one fingerprint of the resident operating thedevice, by the device, during use of the device, may be a part ofreceipt of the data at 402 and/or 410, or the like. Underfingerprint-use embodiments verifying and/or re-verifying authenticationof the resident operating a resident media and/or communications device,at 404 and/or 412 may use fingerprint recognition and this data relatedto at least one fingerprint. Hence, some such embodiments, and somePIN-based embodiments or the like, may employ receipt at 402 and/or 410of entry and/or reentry of the PIN via a touchscreen keypad, or thelike, displayed by the resident media and/or communications device. Suchembodiments may also capture data related to at least one fingerprint ofthe entering resident, by the resident media and/or communicationsdevice, during this entry and/or reentry of the PIN. Whereupon,authentication of the resident operating the resident media and/orcommunications device may be verified at 404 and/or re-verified at 412using fingerprint recognition and the data related to at least onefingerprint, so captured, in addition to (or in lieu of) re-verificationand/or re-verification of the PIN entered and/or reentered.

In further such biometric-based embodiments, the data may be an image ofthe resident using the resident media and/or communications device. Insuch embodiments, image data of the resident operating the device may becaptured and/or recaptured, such as a part of receiving the dataassociated with the resident operating the device at 402 and/or 410,using a camera of the device. The device may capture image data of theresident operating the device, using the camera of the device, duringuse, such as, for example, during entry and/or reentry of the PIN, orthe like, into the device. In accordance with such embodiments,verification and/or re-verification, at 404 and/or 412, ofauthentication of the resident operating the resident media and/orcommunications device may be made using facial recognition and the imagedata.

With reference back to FIG. 1, embodiments of the present systems andmethods multilayer authentication may employ an inbound call system forhandling inbound calls to resident media and/or communications devices102, 103 and/or 104, wherein each device has a relatively unique addressidentifier. Further, each resident device may be configured to receivedata to verify and re-verify authentication of a resident operating thedevice. Such an inbound call system may further include inbound residentcall server or functionality 132 configured to connect non-residentinbound calls with corresponding resident media and/or communicationsdevices and authenticating server or functionality 136. Authenticatingserver 136 or other authentication functionality is configured, inaccordance with such multilayer authentication embodiments to verify,using the received or otherwise collected user data (from 402), toauthenticate of the resident operating device 103 or 104, such as inaccordance with step 404. Authenticating server 136, otherauthentication functionality, or the like may also be configured toconfirm that an inbound calling non-resident is associated with theaddress identifier of the device (103, 104, etc.) the non-resident iscalling, at 406. Authenticating server 136, other authenticationfunctionality, or the like may also send the notification at 408 to thecalled device (103, 104, etc.) of an inbound call from the callingnon-resident to the resident operating the device.

Further, to implement multilayer authentication, authenticating server136 or other authentication functionality may be further configured toreceive, via the notified resident media and/or communications device(102,103, 104, etc.) the same or other data at 410 to re-verifyauthentication of the resident operating the resident media and/orcommunications device the non-resident is calling. Thus, authenticatingserver 136 or other authentication functionality re-verifiesauthentication of the resident operating the resident media and/orcommunications device (102,103, 104, etc.) using this same or other dataat 412. For example, the Authenticating server 136 or otherauthentication functionality may again verify that the residentoperating the resident media and/or communications device is associatedwith the address identifier of the resident media and/or communicationsdevice (102,103, 104, etc.). This re-verification may be carried outprior to connection of the non-resident inbound call with the residentmedia and/or communications device (102,103, 104, etc.) by the inboundresident call server at 414.

As noted the data to verify and/or re-verify authentication of aresident may include a PIN, a password, or the like, entered and/orreentered via resident media and/or communications device 103 or 104. Inwhich case, authenticating server 136 may be further configured toverify (404) and/or re-verify (412) the PIN is associated with theresident to whom the inbound call is directed. Alternatively, oradditionally, data to verify and/or re-verify authentication of aresident at 404 and/or 412, respectively may include biometric data. Insuch embodiments, resident media and/or communications device 102, 103or 104 may be configured to capture and/or recapture the biometric data.For example, biometrics captured during entry of a PIN or the like maybe used as part of the verification and/or re-verification at 404 and412, respectively.

In such an example, a PIN, a password, or the like may be entered (402)and/or reentered (410) via resident media and/or communications device102, 103 or 104 by being spoken and/or respoken by the residentoperating the resident media and/or communications device. In suchembodiments, authenticating server 136 may be further configured tocomplete entry and/or reentry of the PIN using speech recognition andmay verify (404) and/or re-verify (412) authentication of the residentoperating the resident media and/or communications device usingbiometrics in the form of voice recognition. Thus, in accordance withthe example above, the biometric data may be the voice of the residentoperating resident media and/or communications device 102, 103 or 104,in which case, as noted, authenticating server 136 may be configured toverify and/or re-verify, at 404 and/or 412, authentication of theresident operating the device using voice recognition, with, or without,using speech recognition to recognize (enter) a PIN, or the like. Insuch embodiments, the voice recognition may be ongoing, to verify and/orre-verify the user during use of the device by carrying out biometricvoice recognition of the user during such use, to verify the user is theresident associated with the device.

Other biometric data used in accordance with the present systems andmethods may include at least one fingerprint of the resident operating aresident media and/or communications device. Resident media and/orcommunications device 102, 103 or 104 may be configured to captureand/or recapture data related to at least one fingerprint of theresident operating the resident media and/or communications deviceduring use of the resident media and/or communications device forreceipt (402 or 410) by authenticating server 136. This fingerprintcapture may be carried out covertly during normal use, such as when theresident uses a touchscreen of the device, or the capture may be carriedout overtly, wherein the user is requested, via the device, to provide afingerprint, via the device. In any case, the authenticating server maybe configured to verify and/or re-verify (404 and/or 412) authenticationof the resident operating the device using fingerprint recognition onthe captured data related to at least one fingerprint. In a furtherdetailed example, a PIN may be entered and/or reentered via atouchscreen keypad displayed by resident media and/or communicationsdevice 103 or 104. In such embodiments, resident media and/orcommunications device 102, 103 or 104 may be is configured to covertly,or overtly, capture data related to at least one fingerprint during thisentry (402) and/or reentry (410) for receipt by authenticating server136. Whereupon, authenticating server 136 may verify (404) and/orre-verify (412) authentication of the resident operating the deviceusing fingerprint recognition and the device-captured data related to atleast one fingerprint.

As noted, resident media and/or communications device 102, 103 or 104may have a camera. Thus, the biometric data used for verification and/orre-verification may be an image of the resident using the device. Insuch embodiments, the resident media and/or communications device may beconfigured to covertly, or overtly, capture and/or recapture image dataof the resident operating the device for receipt by the authenticatingserver at 402 and/or 410. Authenticating server 136 may, in accordancewith such embodiments, be configured to verify (404) and/or re-verify(412) authentication of the resident operating the resident media and/orcommunications device using facial recognition on the captured and/orrecaptured image data. Hence, in another further detailed example,resident media and/or communications device 102, 103 or 104 thatincludes a camera may covertly, or overtly, capture and/or recaptureimage data of the resident operating the resident media and/orcommunications device during entry and/or reentry of the PIN into thedevice for receipt by authenticating server 136, at 402 and/or 410.Whereupon, authenticating server 136 may verify (404) and/or re-verify(412) authentication of the resident operating the resident media and/orcommunications device using facial recognition on the image data thuscaptured during PIN entry/reentry.

Embodiments of the present systems and methods for inbound calls tointelligent controlled-environment facility resident media and/orcommunications devices (104), as described herein, may be implemented orexecuted, at least in part, by one or more computer systems. One suchcomputer system is illustrated in FIG. 5. In various embodiments,computer system 500 may be a server, a mainframe computer system, aworkstation, a network computer, a desktop computer, a laptop, a tabletcomputing device, media player, or the like. For example, in some cases,computer 500 may implement one or more steps of example processes 200and/or 300 described above with respect to FIGS. 1 through 3, and/or acomputer system such as computer system 500 may be used as, or as partof, one or more of controlled environment facility communicationprocessing system 101, intelligent controlled-environment facilityresident media and/or communications device 104, inbound call processingsystem 130, inbound resident call server 132, authenticating server 136,and/or the like. In various embodiments two or more of these computersystems may be configured to communicate with each other in any suitableway, such as, for example, via a network, including via a local areanetwork, and/or using wireless functionality.

As illustrated, example computer system 500 includes one or moreprocessors 510 coupled to a system memory 520 via an input/output (I/O)interface 530. Example computer system 500 further includes a networkinterface 540 coupled to I/O interface 530, and one or more input/outputdevices 550, such as video device(s) 560 (e.g., a camera), audiodevice(s) 570 (e.g., a microphone and/or a speaker), and display(s) 580.Computer system 500 may also include a cursor control device (e.g., amouse or touchpad), a keyboard, etc. Multiple input/output devices 550may be present in computer system 500 or may be distributed on variousnodes of computer system 500. In some embodiments, similar input/outputdevices may be separate from computer system 500 and may interact withone or more nodes of computer system 500 through a wired or wirelessconnection, such as over network interface 540.

In various embodiments, computer system 500 may be a single-processorsystem including one processor 510, or a multi-processor systemincluding two or more processors 510 (e.g., two, four, eight, or anothersuitable number). Processors 510 may be any processor capable ofexecuting program instructions. For example, in various embodiments,processors 510 may be general-purpose or embedded processorsimplementing any of a variety of instruction set architectures (ISAs),such as the x86, POWERPC®, ARM®, SPARC®, or MIPS® ISAs, or any othersuitable ISA. In multi-processor systems, each of processors 510 maycommonly, but not necessarily, implement the same ISA. Also, in someembodiments, at least one processor 510 may be a graphics processingunit (GPU) or other dedicated graphics-rendering device.

System memory 520 may be configured to store program instructions and/ordata accessible by processor 510. In various embodiments, system memory520 may be implemented using any suitable memory technology, such asstatic random access memory (SRAM), synchronous dynamic RAM (SDRAM),nonvolatile/Flash-type memory, or any other type of memory. Asillustrated, program instructions and data implementing certainoperations, such as, for example, those described in connection withFIGS. 1 through 3, above, may be stored within system memory 520 asprogram instructions 525 and data storage 535, respectively. In otherembodiments, program instructions and/or data may be received, sent orstored upon different types of computer-accessible media or on similarmedia separate from system memory 520 or computer system 500. Generallyspeaking, a computer-readable medium may include any tangible ornon-transitory storage media or memory media such as magnetic or opticalmedia—e.g., disk or CD/DVD-ROM coupled to computer system 500 via I/Ointerface 530, Flash memory, random access memory (RAM), etc. Programinstructions and data stored on a tangible computer-accessible medium innon-transitory form may further be transmitted by transmission media orsignals such as electrical, electromagnetic, or digital signals, whichmay be conveyed via a communication medium such as a network and/or awireless link, such as may be implemented via network interface 540.

In some embodiments, I/O interface 530 may be configured to coordinateI/O traffic between processor 510, system memory 520, and any peripheraldevices in the device, including network interface 540 or otherperipheral interfaces, such as input/output devices 550. In someembodiments, I/O interface 530 may perform any suitable protocol, timingor other data transformations to convert data signals from one component(e.g., system memory 520) into a format usable by another component(e.g., processor 510). In some embodiments, I/O interface 530 mayinclude support for devices attached through various types of peripheralbuses, such as a variant of the Peripheral Component Interconnect (PCI)bus standard or the Universal Serial Bus (USB) standard, for example. Insome embodiments, the function of I/O interface 530 may be split intotwo or more separate components, such as a north bridge and a southbridge, for example. In addition, in some embodiments, some or all ofthe functionality of I/O interface 530, such as an interface to systemmemory 520, may be incorporated into processor 510.

Network interface 540 may be configured to allow data to be exchangedbetween computer system 500 and other devices attached to a network,such as other computer systems, or between nodes of computer system 500.In various embodiments, network interface 540 may support communicationvia wired or wireless general data networks, such as any suitable typeof Ethernet network, for example; via telecommunications/telephonynetworks such as analog voice networks or digital fiber communicationsnetworks; via storage area networks such as Fiber Channel SANs, or viaany other suitable type of network and/or protocol.

As shown in FIG. 5, memory 520 may include program instructions 525,configured to implement certain embodiments described herein, and datastorage 535, comprising various data accessible by program instructions525. In an embodiment, program instructions 525 may include softwareelements corresponding to one or more of the various embodimentsillustrated in the above figures. For example, program instructions 525may be implemented in various embodiments using any desired programminglanguage, scripting language, or combination of programming languagesand/or scripting languages (e.g., C, C++, C#, JAVA®, JAVASCRIPT®, PERL®,etc.). Data storage 535 may include data that may be used in theseembodiments. In other embodiments, other or different software elementsand data may be included.

A person of ordinary skill in the art will appreciate that computersystem 500 is merely illustrative and is not intended to limit the scopeof the disclosure described herein. In particular, the computer systemand devices may include any combination of hardware or software that canperform the indicated operations. Additionally, the operations performedby the illustrated components may, in some embodiments, be performed byfewer components or distributed across additional components. Similarly,in other embodiments, the operations of some of the illustratedcomponents may not be provided and/or other additional operations may beavailable. Accordingly, systems and methods described herein may beimplemented or executed with other computer system configurations.

Although the present invention and its advantages have been described indetail, it should be understood that various changes, substitutions andalterations can be made herein without departing from the spirit andscope of the invention as defined by the appended claims. Moreover, thescope of the present application is not intended to be limited to theparticular embodiments of the process, machine, manufacture, compositionof matter, means, methods and steps described in the specification. Asone of ordinary skill in the art will readily appreciate from thedisclosure of the present invention, processes, machines, manufacture,compositions of matter, means, methods, or steps, presently existing orlater to be developed that perform substantially the same function orachieve substantially the same result as the corresponding embodimentsdescribed herein may be utilized according to the present invention.Accordingly, the appended claims are intended to include within theirscope such processes, machines, manufacture, compositions of matter,means, methods, or steps.

What is claimed is:
 1. An inbound call system for handling inbound callsto inmate media and/or communications devices, the system comprising:one or more inmate media and/or communications devices, each having arelatively unique hardcoded address identifier, and each configured toreceive data to verify and re-verify authentication of an inmateoperating the inmate media and/or communications device; an inboundinmate call server configured to connect non-inmate inbound calls withcorresponding inmate media and/or communications devices; and anauthenticating server configured to: verify, using the data,authentication of the inmate operating the inmate media and/orcommunications device as associated with the hardcoded addressidentifier of the inmate media and/or communications device; confirmthat an inbound calling non-inmate is associated with the hardcodedaddress identifier of the inmate media and/or communications device thenon-inmate is calling; send a notification of a non-inmate call to theinmate media and/or communications device to the inmate operating theinmate media and/or communications device from the calling non-inmate;receive, via the inmate media and/or communications device, afterreceipt of the notification, the same or other data to re-verifyauthentication of the inmate operating the inmate media and/orcommunications device the non-inmate is calling; and re-verifyauthentication of the inmate operating the inmate media and/orcommunications device, using the same or other data, as associated withthe hardcoded address identifier of the inmate media and/orcommunications device prior to connection of the non-inmate inbound callwith the inmate media and/or communications device by the inbound inmatecall server.
 2. The system of claim 1, wherein data to verify and/orre-verify authentication of an inmate comprises a personalidentification number entered and/or reentered via the inmate mediaand/or communications device.
 3. The system of claim 2, wherein theauthenticating server is further configured to verify and/or re-verifythe personal identification number is associated with an inmate to whomthe inbound call is directed.
 4. The system of claim 2, wherein thepersonal identification number is entered and/or reentered via theinmate media and/or communications device by being spoken and/orrespoken by the inmate operating the inmate media and/or communicationsdevice and the authenticating server is further configured to enterand/or reenter the personal identification number using speechrecognition and verify and/or re-verify authentication of the inmateoperating the inmate media and/or communications device using voicerecognition.
 5. The system of claim 2, wherein the personalidentification number is entered and/or reentered via a touchscreenkeypad displayed by the inmate media and/or communications device, theinmate media and/or communications device is configured to capture datarelated to at least one fingerprint during entry and/or reentry forreceipt by the authenticating server, and the authenticating server isfurther configured to verify and/or re-verify authentication of theinmate operating the inmate media and/or communications device usingfingerprint recognition and the data related to at least onefingerprint.
 6. The system of claim 2, wherein the inmate media and/orcommunications device further comprises a camera and the inmate mediaand/or communications device is configured to capture and/or recaptureimage data of the inmate operating the inmate media and/orcommunications device during entry and/or reentry of the personalidentification number into the inmate media and/or communications devicefor receipt by the authenticating server, and the authenticating serveris further configured to verify and/or re-verify authentication of theinmate operating the inmate media and/or communications device usingfacial recognition and the image data.
 7. The system of claim 1, whereindata to verify and/or re-verify authentication of an inmate comprisesbiometric data and the inmate media and/or communications device isconfigured to capture and/or recapture the biometric data.
 8. The systemof claim 7, wherein the biometric data is the voice of the inmateoperating the inmate media and/or communications device and theauthenticating server is further configured to verify and/or re-verifyauthentication of the inmate operating the inmate media and/orcommunications device using voice recognition.
 9. The system of claim 7,wherein the biometric data is at least one fingerprint of the inmateoperating the inmate media and/or communications device, the inmatemedia and/or communications device is configured to capture and/orrecapture data related to at least one fingerprint of the inmateoperating the inmate media and/or communications device during use ofthe inmate media and/or communications device for receipt by theauthenticating server, and the authenticating server is furtherconfigured to verify and/or re-verify authentication of the inmateoperating the inmate media and/or communications device usingfingerprint recognition and the data related to at least onefingerprint.
 10. The system of claim 7, wherein the inmate media and/orcommunications device further comprises a camera, the biometric data isan image of the inmate using the inmate media and/or communicationsdevice, the inmate media and/or communications device is configured tocapture and/or recapture image data of the inmate operating the inmatemedia and/or communications device for receipt by the authenticatingserver, and the authenticating server is further configured to verifyand/or re-verify authentication of the inmate operating the inmate mediaand/or communications device using facial recognition and the imagedata.
 11. A method for processing inbound calls to inmate media and/orcommunications devices, the method comprising: receiving, via an inmatemedia and/or communications device, data for verifying authentication ofan inmate operating the inmate media and/or communications device;verifying authentication of the inmate operating the inmate media and/orcommunications device using the data as associated with a hardcodedaddress identifier of the inmate media and/or communications device;confirming that an inbound calling non-resident is associated with thehardcoded address identifier of the inmate media and/or communicationsdevice; sending a notification to the inmate media and/or communicationsdevice of a call to the inmate operating the inmate media and/orcommunications device; receiving, via the inmate media and/orcommunications device, after receipt of the notification, the same orother data for verifying authentication of an inmate operating theinmate media and/or communications device; re-verifying authenticationof the inmate operating the inmate media and/or communications deviceusing the data received after receipt of the notification as associatedwith the hardcoded address identifier of the inmate media and/orcommunications device; and connecting the non-inmate inbound call withthe inmate media and/or communications device as a result ofauthenticating that the non-inmate is associated with the hardcodedaddress identifier of the inmate media and/or communications device andverifying and/or re-verifying authentication of the inmate operating theinmate media and/or communications device as associated with thehardcoded address identifier of the inmate media and/or communicationsdevice.
 12. The method of claim 11 wherein the data for verifyingauthentication of an inmate operating the inmate media and/orcommunications device is received by an authenticating server, theauthenticating server verifying, using the data, the authentication ofthe inmate operating the inmate media and/or communications device asassociated with the hardcoded address identifier of the inmate mediaand/or communications device, the authenticating server confirming thatthe inbound calling non-resident is associated with the hardcodedaddress identifier of the inmate media and/or communications device, theauthenticating server receiving the same or other data for verifyingauthentication of an inmate operating the inmate media and/orcommunications device, the authenticating server re-verifyingauthentication of the inmate operating the inmate media and/orcommunications device, using the data received after the notification asassociated with the hardcoded address identifier of the inmate mediaand/or communications device.
 13. The method of claim 11, wherein datafor verifying authentication of an inmate comprises a personalidentification number, and the method further comprises accepting entryand/or reentry of the personal identification number via the inmatemedia and/or communications device.
 14. The method of claim 13, furthercomprising verifying and/or re-verifying that the personalidentification number is associated with an inmate to whom the inboundcall is directed.
 15. The method of claim 13, further comprising:accepting entry and/or reentry of a spoken personal identificationnumber; entering and/or reentering the personal identification numberusing speech recognition; and verifying and/or re-verifyingauthentication of the inmate operating the inmate media and/orcommunications device using voice recognition.
 16. The method of claim13, further comprising: accepting entry and/or reentry of the personalidentification number via a touchscreen keypad displayed by the inmatemedia and/or communications device; capturing data related to at leastone fingerprint, by the inmate media and/or communications device,during entry and/or reentry; and verifying and/or re-verifyingauthentication of the inmate operating the inmate media and/orcommunications device using fingerprint recognition and the data relatedto at least one fingerprint.
 17. The method of claim 13, furthercomprising: capturing, by a camera of the inmate media and/orcommunications device, image data of the inmate operating the inmatemedia and/or communications device during entry and/or reentry of thepersonal identification number into the inmate media and/orcommunications device; and verifying and/or re-verifying authenticationof the inmate operating the inmate media and/or communications deviceusing facial recognition and the image data.
 18. The method of claim 11,wherein the data for verifying authentication of an inmate comprisesbiometric data, and the method further comprises capturing and/orrecapturing the biometric data by the inmate media and/or communicationsdevice.
 19. The method of claim 18, wherein the biometric data is thevoice of the inmate operating the inmate media and/or communicationsdevice, and the method further comprises verifying and/or re-verifyingauthentication of the inmate operating the inmate media and/orcommunications device using voice recognition.
 20. The method of claim18, wherein the biometric data is at least one fingerprint of the inmateoperating the inmate media and/or communications device, and the methodfurther comprises: capturing and/or recapturing, by the inmate mediaand/or communications device, data related to at least one fingerprintof the inmate operating the inmate media and/or communications deviceduring use of the inmate media and/or communications device; andverifying and/or re-verifying authentication of the inmate operating theinmate media and/or communications device using fingerprint recognitionand the data related to at least one fingerprint.
 21. The method ofclaim 18, wherein the biometric data is an image of the inmate using theinmate media and/or communications device, and the method furthercomprises: capturing and/or recapturing image data of the inmateoperating the inmate media and/or communications device, using a cameraof the inmate media and/or communications device; and verifying and/orre-verifying authentication of the inmate operating the inmate mediaand/or communications device using facial recognition and the imagedata.
 22. A non-transitory computer-readable storage medium havingprogram instructions stored thereon that, upon execution by one or morecontrolled-environment facility communications systems, cause the one ormore communications systems to: receive, via an inmate media and/orcommunications device, data associated with the inmate operating theinmate media and/or communications device; verify authentication of theinmate operating the inmate media and/or communications device as aninmate associated with a hardcoded address identifier of the inmatemedia and/or communications device; receive an inbound call from anon-inmate directed to the inmate and/or the inmate media and/orcommunications device; confirm that the inbound calling non-inmate isassociated with a hardcoded address identifier of the inmate mediaand/or communications device; send a notification to the inmate mediaand/or communications device of the inbound call; receive, via theinmate media and/or communications device, after receipt of thenotification, the same or other data associated with the inmateoperating the inmate media and/or communications device; re-verifyauthentication of the inmate operating the inmate media and/orcommunications device as an inmate as associated with a hardcodedaddress identifier of the inmate media and/or communications deviceusing the same or other data associated with the inmate operating theinmate media and/or communications device received after receipt of thenotification; and connect the non-inmate inbound call with the inmatemedia and/or communications device as a result of confirmation that thenon-inmate is associated with a hardcoded address identifier of theinmate media and/or communications device and verification andre-verification that the inmate operating the inmate media and/orcommunications device is associated with the hardcoded addressidentifier of the inmate media and/or communications device.